Matomo Core Team

Professional Security Audit for Matomo 1.1

In the past, whenever we received security related questions and suggestions for Matomo (Piwik), sent to our security@piwik.org address, we quickly reacted and released a fix in a new Matomo release. However, going forward, we want to be proactive, so we requested a professional and thorough review of our code base.

SektionEins, a leading software security company based in Germany, undertook the professional security review of the Matomo (Piwik) source code. Stefan Esser conducted the audit on the Matomo source code for 5 full days. Stefan then sent us all the details about what could be improved in Matomo regarding security (various recommendations, XSS, etc.). Anthon and Matt from the Matomo team then prepared fixes and improvements following the security audit, which were then released in Matomo 1.1.

We would like to give a huge thanks to SektionEins and Stefan Esser for their work and support to Matomo (Piwik) and the open source community. We are very happy with their service, and can only recommend all other open source projects (and of course any closed source softwares) to contract them for security audits, consulting and/or security training.

We also want to give credit to our sponsors who helped us cover the cost of the review.

Become a partner

Privacy

Sign up for our newsletter

We are constantly adding new features and content to the leading All-In-One Analytics Platform that gives you control over your data. If you want to stay up to date with everything that is happening, feel free to subscribe below. You can unsubscribe at any time from it. The newsletter service uses MadMimi. Learn more about it within our privacy Policy page.